About

TimeDicer is a free file backup and recovery solution (using rdiff-backup) for Windows (Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Vista, Windows XP, Windows 2008 R2, Windows 2008, Windows 2003 - for 32-bit x86 and 64-bit x64). It allows you to backup and then later recover your files to/from a separate machine, with options for encryption and offsite mirroring. Even if you have subsequently altered or deleted files, and backed up your erroneous changes with TimeDicer, you can still recover versions that you previously backed up.

Under development since 2008 and with latest version dated 2018-04-15, TimeDicer backs up files to your own TimeDicer Server (which can be real or virtual), and is normally run as an automated daily routine for one or more computers located on the same local network (though it can be used in other configurations). TimeDicer is not in itself a system recovery tool, but if your system has been lost - and you have previously been using TimeDicer to backup your data - it will enable you to recover your data into a repaired or new system. It also works easily for recovering earlier versions of individual files.

TimeDicer carries out a push backup - that is, the backup is started by the source machine (the client) and data is pushed to the destination (the server). TimeDicer allows you to revert to different 'timeslices'. You could say it was dicing (that is, chopping or slicing) time - hence the name.

Not only does it give a backup which is a snapshot of files as they were at one time, but also earlier versions of these files, and files that were long ago deleted from your operating computer; so it adds the 4th dimension (time) to a backup archive, and does so elegantly, optimising both transfer (for speed) and storage (for space).

TimeDicer consists of:

TimeDicer Client: a Windows command script (batch file) which can be run as a regular (daily) Scheduled Task to backup data from one or many Windows computers to the primary backup server. It allows backup of locked files. The latest version of TimeDicer Client is 8.0415 (dated 2018-04-15), available here (changelog here). TimeDicer Client can backup to any Linux machine which has rdiff-backup, but for best integration it is recommended to use a dedicated TimeDicer Server. Instructions for installing and configuring TimeDicer Client are found below.

TimeDicer Server: based on Ubuntu Server OS, for onsite backup - simple setup instructions below. It can be a virtual machine.

TimeDicer Server Pool - two (or more) mutually-mirrored TimeDicer Servers can be offsite backups for one another

Data security compliance (e.g. to meet European GDPR) is a snap, risk of security breach is minimised - data can be held encrypted on your own machine(s)

TimeDicer is based on and uses a number of open source and free projects and software, in particular rdiff-backup and Rdiffweb, thanks are given to all the brilliant people who made and make these possible. Please send any questions about TimeDicer to dominic@timedicer.co.uk.

Server Setup: Installation & Configuration

TimeDicer Client can backup to any suitably configured GNU/Linux-based machine (i.e. server) which has rdiff-backup installed - the server can be virtual or physical. However the supported configuration uses a single-purpose TimeDicer Server running Ubuntu Server 18.10 or 18.04LTS or 16.04LTS (64-bit or 32-bit).

It is recommended that you locate your Primary TimeDicer Server (which can be a virtual machine) on your local area network (LAN), not at an offsite or remote (internet) location. To backup to an offsite location you can later create a Mirror TimeDicer Server (see below).

Having a single-purpose TimeDicer Server, rather than using a machine which has other functions, is strongly recommended because it makes it easy to duplicate following the ‘recipe’ here. You can create a secondary ‘mirror’ server offsite, synchronize it daily with the primary server and then, if disaster strikes and the primary server is lost, you can recreate it using the instructions in this section and then mirror your data back to it from your secondary server.

Running this setup will take about 20 minutes. It is based on a machine with a single hard disk, but if required you can expand the system later onto additional disks. The instructions do not cover use of RAID; although this is compatible we consider it safer instead to mirror your TimeDicer Server regularly to a Mirror TimeDicer Server in a different location (see below).

This setup also works if creating your TimeDicer Server as a virtual machine e.g. using Virtual Box or Vmware: just make sure to select a 'bridged adapter' type for the virtual network settings so that your server has its own ip address.

Create bootable media: To match these instructions, and keep the option of using encrypted LVM, use the alternate installer obtainable here. Download the appropriate file for your hardware (normally the one that ends -amd64.iso). Then:

if installing from physical DVD, use your preferred DVD burning software to create the DVD;

if installing from physical USB, create a bootable USB - at the time of writing instructions for doing this can be found here (or google 'create ubuntu live usb') - but of course use the alternate server iso given above, not the standard live iso; or

if installing from physical CD, download the so-called Netboot file mini.iso (as appropriate for your hardware) from here and burn it onto a CD (this is because the standard installation iso is too large for a CD - the only disadvantage of Netboot installation is that it takes a bit longer).

For hostname it is recommended to use 'timedicer1' for your primary server (use 'timedicer2' for a secondary or mirror server, or timedicer3-timedicer9 for other machines that will belong to the same TimeDicer Server Pool) [a minute or two may now elapse]

'Full name for the new user' - recommended to use 'timedicer'

'Username for your account' - recommended to use 'timedicer'

'Choose a password for the new user' - specify your own, don't forget it! [a minute or two may now elapse]

'Encrypt your home directory' - select <No>

'Partition disks' - choose either:

'Guided - use entire disk and set up LVM'; or

'Guided - use entire disk and set up encrypted LVM': you will be asked to specify a passphrase which must be entered (locally or remotely) whenever the machine is booted; if you lose the passphrase (and don't have a suitable backup) you will no longer be able to access the data on the disk. The advantage of encryption is that you can be confident that a third party cannot read the disk contents even if they have stolen it and have time on their hands (provided they never had root access to the system while it was operational). If you are thinking of choosing encryption, review the extra information in Security and Privacy and in Additional Notes below. Note that after setup it is impractical to change an existing server from unencrypted to encrypted or vice-versa.

'Amount of volume group to use for guided partitioning' - replace the default suggestion with 80% (the amount can easily be expanded later but not so easily reduced - and it is good to leave some space for snapshots)

'Finish partitioning and write changes to disk'. [After this the base system is installed - takes say 4 minutes]

First Boot of TimeDicer Server: Log in to the machine with the username and password you created above. You can find the IP address of the machine by logging in at the local console and typing hostname -I, or by examining your local router's admin web page; once you have this then you can log in to the machine remotely from Windows with putty or from Linux with ssh. A big advantage of remote login is that you can copy and paste from here.

Download and run timedicer-server-setup: Substituting your own email address for the one given in the last line below, and entering only the text after the first '$' or '#' sign on each line, do:

You may have to answer some questions about your timezone and about postfix (outgoing email) configuration:

'General type of mail configuration' - select Internet Site if you want to send emails direct from this machine (this is likely to be unreliable unless the wan-facing ip is static) or Satellite System if you need to send via another relaying smtp server using STARTTLS.

'System mail name' - this is the domain name part of the source email address for emails sent by your TimeDicer Server (e.g. mydomain.com in timedicer@mydomain.com) - use your real domain name or at least a name that appears to be a real domain name e.g. mytimedicer.org. This domain name does not have to be exclusive to this machine.

'SMTP relay host' - if you have selected Satellite System you need to provide the name of the relayhost through which this machine will relay its emails; you must include the port if it is not 25 (e.g. myrelayhost.tld:587).

'Username' and 'Password' - if you have selected Satellite System then a few seconds later you will be asked for the username and password for connection to the relayhost. This is tested using STARTTLS and you should see a confirmation that a successful connection was made. (Note: there is no option at the present time for setting up or testing relaying via SSL/TLS using port 465.)

How long timedicer-server-setup takes will depend mostly on the number of updates to the Ubuntu operating system. Some information about what it does can be seen here.

Check for email: the system should have sent you an email to report that it is up and running; if you don't receive this check the log with tail /var/log/mail.log.

Reboot: because of the large number of changes to the system, reboot now: reboot, and then log back in.

Test your webserver: you should be able to reach your new TimeDicer Server's web page from any other computer located on your lan, by using a browser and pointing it at the TimeDicer Server's ip address e.g. http://192.168.1.35.

Secure your webserver: there is a second web interface at port 8080 e.g. http://192.168.1.35:8080 - used by rdiffweb (see below). You should log in here as the administrator with username 'admin' and change the password from the default setting 'admin123'.

Making a Backup: Using Client

You create backups from your Windows machine(s) by running TimeDicer Client. The latest version is 8.0415 (dated 2018-04-15), and it can be downloaded here (changelog here, man page here):

Download timedicer.zip, extract the contents to a temporary location, then run install.bat with administrative privileges (e.g. right-click on install.bat and choose 'Run as Administrator'). If Windows blocks the file from running then select 'More Info' and 'Run anyway'. Enter the ip address of your TimeDicer Server when requested.

Use Puttygen which is started by the install routine (or you can find in the TimeDicer folder) to generate a new public/private key pair. Under 'Parameters' you should have 'SSH-2 RSA' selected and 'Number of bits in a generated key' set to 2048. Click 'Generate' and move your mouse around a bit as advised. Save the private key as privatekey.ppk at %APPDATA%\TimeDicer (despite the warning message, don't set a 'Key passphrase').

Install the public key into your TimeDicer Server by visiting its website: to do this, select and copy all the text from Puttygen's 'Public key' box (beginning 'ssh-rsa') and paste it in to the webpage - and follow the instructions on the webpage. The webpage also requests a password, this is not required to make a backup but it will be needed later when you use rdiffweb to recover files.

Check and if necessary modify your configuration file %APPDATA%\TimeDicer\timedicer.txt, which has been created and is opened automatically by the install routine, as required. This could be as simple as these lines:

SET server=192.168.1.35
SET excludelist=%APPDATA%\TimeDicer\exclude-filelist.txt
%USERPROFILE%,userbase

This tells TimeDicer Client that the TimeDicer Server is at 192.168.1.35, to exclude files based on the names listed in exclude-filelist.txt, and to backup your userbase (%USERPROFILE%, which contains your Desktop, Documents, Pictures, Music etc) to an archive on the Server called 'userbase'.

Now is a good time to consider what you really want to backup! Your first backup might take a long time to complete and you want to avoid backing up unnecessary data. Have a look at the usage of your hard disk with a program like WinDirStat. TimeDicer Client should be configured according to the instructions that you can can see here. Set the line(s) in your TimeDicer configuration file, and in your excludelist file, accordingly.

Run TimeDicer Client from your start menu or your Desktop by right-clicking on TimeDicer.cmd and choosing 'Run as Administrator' (right-click not required for Windows XP). If Windows blocks the file from running then select 'More Info' and 'Run anyway'.

When it has completed, have a look at the log file (unless you specified something different, it is saved at %APPDATA%\TimeDicer\timedicer-log.html - you can open it from your browser e.g. File/Open), and also visit your TimeDicer Server's rdiffweb webpage and login as user for this machine (see Recovering Files with TimeDicer); here you can see and recover backed up files from the server.

If errors have occurred the log file will be automatically displayed and you can also take a look at the output in the TimeDicer command prompt window which will pause at the end of the run (only if there is an error - to prevent pausing use /x switch). If you can't solve the problem, post a message at the bottom of this page.

Once you are happy with your backup, add it to Task Scheduler to run (say) daily; use /x switch to prevent TimeDicer from pausing on error (log file will still be automatically displayed). Unless you have switched off VSS (see below), or are using Windows XP, make sure to set it to 'Run with highest privileges'.

Note that to run TimeDicer using Volume Shadow Services (which is the best and default behaviour) it will require administrative privileges. If these are not available to you, disable VSS by adding the command 'SET vss=n' to your configuration file, or using command line switch /i n.

If at a later time you want to remove TimeDicer from your client machine, just delete the shortcut on the Desktop and the two folders %ProgramFiles%\TimeDicer (or %ProgramFiles(x86)%\TimeDicer), and %APPDATA%\TimeDicer.

You can also make compatible backups from machines running Linux to TimeDicer Server by running rdiff-backup; for help with this, send an email. Compatible backups from machines running Apple Mac or FreeBSD should also be possible but are unsupported.

Recovering Files with

There are two ways to view or recover files, including earlier versions:

rdiffweb - for everyday purposes this is the recommended way to recover files because it works easily through a web interface. You login in to rdiffweb at http://timedicer_server_ip:8080, supplying the username and the password that was set when this user was set up via your TimeDicer Server's web page. The first time that you login to rdiffweb as this user, you may need to update the Backup Locations by clicking on 'Preferences', then on 'Find and Update Backup Locations', and then on 'rdiffweb'.

rdiff-backup command line (--restore option) - this is the more powerful but less user-friendly way to recover files. Study the rdiff-backup manual. The log file created by TimeDicer shows the command used for each backup session - this is a helpful starting point for constructing a restore command.

Updating Server

It’s a good idea to update TimeDicer Server regularly because new features might be added or bugs fixed. The easy way to do this is to rerun the setup script without any parameters:

sudo /opt/timedicer-server-setup.sh

Just press enter to skip all questions except the first and third:

Download and extract key scripts from www.timedicer.co.uk - y

Download and install latest updates for Ubuntu [version] - y

Mirror Server Setup

Having a second or mirror TimeDicer Server is optional but strongly recommended. Your Primary TimeDicer Server needs to be on your local LAN, so that your source machines can reach it easily, fast, and with a stable connection; but this means it probably has the same physical vulnerability as the source machines. Having a remote off-site mirror protects against a catastrophe (earthquake or whatever) that might affect both the source machines and your Primary TimeDicer Server. The mirror is essentially a copy of the Primary TimeDicer Server, updated regularly. If you use 'encrypted LVM' for your mirror TimeDicer Server then you don't need to be too worried about the security of its location.

Why, you might wonder, does the Primary Timedicer Server have to be on the LAN? The overriding reason is that rdiff-backup, which is used by TimeDicer Client to communicate with the primary server, requires a stable network - if the connection breaks during a backup session, the data on the server can be damaged. Although rdiff-backup should correct this on the next run, repeated instability might result in irrecoverable damage to the backup archives. By contrast, rsync - used (by timedicer-mirror) to synchronize data between the Primary and Mirror TimeDicer Servers - copes well with the breaks in a session which can occur when sending data over the internet.

Call it 'timedicer2' instead of 'timedicer1'. It could be important in future that the name of this mirror server ends with a digit that is not '1' (see the section below about operating a TimeDicer Server Pool) and it is logical for your second server to use '2'.

Consider using 'encrypted LVM' (actually dm-crypt + LUKS) for this mirror machine if you think it could be vulnerable to theft. For more information, see Security & Privacy below.

The mirroring of the setup and data from your Primary TimeDicer Server is handled by the timedicer-mirror program (located in your Primary's /opt folder). Before running this for the first time, you need to add the public key of the root user of your primary machine to the list of authorised users on your mirror (secondary) machine. To do this, log in to your primary machine with putty, show the root public key sudo cat /root/.ssh/id_rsa.pub (this was created by the timedicer setup program), and use your mouse to select/highlight the full text of the key, which copies it to your clipboard. Now log in to your mirror machine with putty and do sudo nano /root/.ssh/authorized_keys; with nano open, just right-click in this window to paste the public key into here, then CTRL+x and answer 'y' to save the change.

The basic operation is to run, on your primary server, /opt/timedicer-mirror.sh to mirror its contents to the secondary machine. An additional feature is that if it is supplied with the mac address of the secondary server, the program can 'wake' it up and then put it to 'sleep' after completion (if your mirror server is behind a different router this this router may require port-forwarding configuration because it is unlikely to admit broadcast packets, please contact me if you have problems with this).

For the initial tests and the first full run of timedicer-mirror it's probably best to locate the secondary machine on the same local lan as the primary - it is easier for testing and much faster. First run it with options -ot, which tests all connections without transferring data, then try it with -f option which does everything except mirroring /home (and is still pretty fast), and when this is working fine, run with -ao which does a full backup and provides verbose live feedback - this might take a long time (many hours even).

With this first full backup complete, subsequent runs will be much quicker and so the secondary machine could now be placed at a remote location and the backup done over the internet. (It is quite secure because it uses ssh.) Typically it is run at night when plenty of bandwidth is available. Once it is running smoothly add it, without -ao options, to /etc/crontab to run each night.

The timedicer-mirror program mirrors directories /opt and /home from the primary to the mirror. It also copies rdiffweb user details to the rdiffweb database on the mirror, and creates copies of /etc/crontab and /etc/rc.local and saves them in /opt with '.1' (or another digit depending on the primary machine's BaseID) appended to the names on both the primary and mirror machines, and it creates users and groups on the mirror to match those on the primary, except for the root user (UID=0) and the primary user (UID=1000) which are not altered. Warning: because of the major changes which it makes to the destination machine, you should not run timedicer-mirror to a machine which has any other purpose than being a mirror for your primary or is part of your TimeDicer Server Pool (see below).

Mutual Mirroring within a Server Pool

If you are responsible for more than one location and need offsite backups for both or all of them, you can use a TimeDicer Server Pool to provide mutual mirroring/backup of data. It works the same way as a Mirror Server but you must observe the following guidelines:

Each TimeDicer Server in the pool must have a BaseID which is a number 1-9, and this must be unique within the pool. Normally this is determined by the digit at the end of the hostname (e.g. a machine named timedicer2 has BaseID 2), but this can be overridden by the file /opt/baseid which (if it exists) should contain a single digit. Failing either of these, the BaseID for a machine is 1. The BaseID for a machine can only be changed before you have created any local TimeDicer users (i.e. it can already be a Mirror Server but it cannot already be a Primary Server). [Local TimeDicer users will have uids and gids in the range BaseIDx1000+1 to BaseIDx1000+999.]

Each TimeDicer user needs to have a username that is unique across the TimeDicer Server Pool. The script /opt/timedicer-rename-user.sh is available if you need to rename a user to avoid duplication of names between Servers; and you can set the username for the TimeDicer Client program with 'SET USER=' in its configuration file (see man page here). (Note: the primary user on each machine [uid 1000], which is normally used for logging into the command line interface and should not be used for running TimeDicer Client, does not need a name that is unique across the pool and indeed it is recommended that for this primary user you always use 'timedicer'.)

Run timedicer-mirror from each machine in the pool to another. The process will ensure that data for TimeDicer users local to the source machine is updated on the destination, while data for TimeDicer users local to the destination machine, or for TimeDicer users local to other machines in the TimeDicer Server Pool, is preserved on the destination machine.

Managing And Adding Space On Server

There can be two types of space shortage. When you set up your TimeDicer Server, you probably didn't specify that all the space in the Volume Group (VG), i.e. drive partition, should be used by your 'root' or 'home' Logical Volume (LV), so it may have available space inside the VG that just needs to be added to the LV. In this case you just need to manage the space (1st para below) - but note that if you perform backups to a Secondary TimeDicer Server you should have at least 4 GiB spare inside the Primary Server's VG - i.e. unused by LV - for snapshots. Alternatively you may be running low on physical space in which case you will need to add some (2nd para below).

Managing space on TimeDicer Server is easy! You will be emailed if space is running low on your 'root' or 'home' Logical Volume (LV) or you can check anytime as shown below. Login to the server with putty and:

Refer to the email or do sudo /opt/lvm-usage.sh and look at the 'Free' space for your PV(s), to make sure you have sufficient physical storage space in the volume group. If you are short of physical space, add some as described below under 'Adding space to TimeDicer Server'.

Refer again to the email to check the name of your logical volume (LV) e.g. /dev/timedicer/home.

Here is a one-line example to use when you have at least 20 GiB showing as 'Free' in your PV and in your VG. This will extend a /dev/timedicer/home LV by 20 GiB and then resize the filesystem inside it to fill the new space. The LV name may be different in your case. (Note that making LVM volumes smaller is not so easy):

sudo lvextend -L+20G -r /dev/timedicer/home

Adding space to TimeDicer Server is easy too! If you are running out of physical storage space:

Add a physical hard disk to your system (or if you are using a VM you can add a new virtual disk).

Login in to the server with putty. sudo pvs shows drive partition(s) (in 'PV' column) that is/are already part of your LVM system and the name of your volumegroup or VG (in 'VG' column). Now find the new disk by listing all your disks and partitions with sudo parted -l|grep Disk - check that neither the new disk nor its partitions (if any) have appeared in the pvs list. Let’s assume here that the new disk is /dev/sdb...

Partition the new disk with sudo parted /dev/sdb. Create 1 (primary) partition for the whole disk and set flag for Linux LVM [8E], leaving it not bootable, and then write the changes - for instance:

mklabel gpt
mkpart primary ext2 1MiB -1s
set 1 lvm on
quit

(Note: mkpart uses start of 0% so parted tries to align the partition)

If using 'encrypted LVM' (dm-crypt + LUKS) you need the new disk similarly encrypted, but accessible after the password is entered at boot time; to achieve this see reuse-key-on-new-luks-device (currently alpha software).

Add the new drive partition (same name as the new disk, with a '1' at the end) to your existing VG with vgextend. Assuming your existing VG is 'timedicer', for example: sudo vgextend timedicer /dev/sdb1. If this generates an error message try sudo partprobe /dev/sdb, then repeat the vgextend command.

The new drive is now part of your Volume Group (VG) as an additional Physical Volume (PV) (you can confirm this with sudo pvs). To use the extra space just follow the instructions above on 'Managing space on TimeDicer Server'

Security & Privacy

Encrypted LVM (LUKS + dm_crypt): At setup you have the option to choose 'encrypted LVM' - this encrypts the main partition of the disk using a master key; to load this partition you must enter your passphrase whenever the machine boots. This provides very good protection against data leakage through physical theft because this partition (which normally includes your backed-up data) is unreadable without the master key or passphrase - even by a user in physical possession of the machine and/or drive. With encrypted LVM you should take and keep safe a copy of the LUKS header so that if this gets corrupted on the drive you can restore it and still access the encrypted partition (provided you remember the passphrase), and/or take a copy of the disk master key (which does not require the passphrase). So how secure is a system (such as TimeDicer Server) using encrypted LVM? Very, but the following vulnerabilities are known:

Someone who knows a working passphrase (there can be more than one) can (of course) gain access to the system when it boots; if you are concerned that knowledge of a passphrase has leaked you can change it with sudo cryptsetup luksChangeKey [target device] -S [target key slot number].

Someone with root access to the system while it is running can obtain the master key for the encryption with dmsetup table --showkey or (requiring knowledge of the passphrase) cryptsetup luksDump [device] --dump-master-key (where [device] is the hosting partition - typically /dev/sda5), or can save a copy of the LUKS header. Any of these provide a means for them to access the encrypted partition at a later date unless it has subsequently been re-encrypted using cryptsetup-reencrypt.

Evil Maid attack: an attacker with physical access to the machine, but lacking login capability, boots from a flash drive (say) and then installs a key-logger in the (unencrypted) /boot partition on the main disk. When the unsuspecting system user later boots up the system and enters the passphrase it is recorded by the key-logger and so becomes potentially obtainable by the attacker, who can subsequently use it to gain access. A couple of ways of overcoming this vulnerability have been suggested here. However the author of Veracrypt thinks that there is no reliable defence against the Evil Maid, nor against someone who has once had administrator privileges (see here).

GCHQ's advice is: The Linux Unified Key Setup (LUKS)/dm-crypt disk encryption solutions have not been independently assured to Foundation Grade, and do not support some of the mandatory requirements expected from assured full disk encryption products. Without assurance there is a risk that data stored on the device could be compromised. However, the tpm-luks project can enable usage of Trusted Platform Modules (TPMs) by LUKS which may help meet more of these requirements. At the time of writing tpm-luks projects can be found here and here.

In principle each user's backup on your TimeDicer Server cannot be accessed by other users, so that one person's backed-up documents cannot be read by another person (as configured by timedicer-server-setup). But:

rdiffweb provides a way round this if one user knows the rdiffweb username and password of a different user.

The administrator can gain such access using sudo, and it is also easy for her to log in as any of the restricted users (by adding her public key to their authorized_keys files).

So TimeDicer is not a suitable solution if users cannot trust the TimeDicer Server administrator, or need to hide their data from her. However:

It is possible to backup securely from the TimeDicer Server to an untrusted location by using encfs; at the cost of more than doubling the space consumed on the Primary TimeDicer Server you could copy the contents of /home to an encfs-protected mountpoint and then you could copy (using rsync) the underlying encrypted directory to the insecure destination.

A slightly different approach though still using encfs can be seen here.

Using the ecryptfs system for backups might protect against someone with physical access to the data but without administrative user rights, but not against a malicious administrator. Another possibility is to use fscrypt.

TimeDicer Client communicates with TimeDicer Server using ssh with a private/public key pair and this is extremely secure, provided you keep the private key safe. Rdiffweb however does not use secure communication and so the possibility of man-in-the-middle interception while recovering data using the rdiffweb interface cannot be excluded. You could remove this security risk by recovering data using the command line program rdiff-backup.exe.

Lastly, please note that neither TimeDicer Client nor TimeDicer Server 'phone home', so no information about your installation (not even that it exists) is passed back to me at TimeDicer or indeed to any outside party. (However logs may exist of any downloads that you make from the TimeDicer website, including any updates obtained using timedicer-server-setup.)

Additional Notes

Verifying backups: The utility timedicer-verify is provided in the TimeDicer Server's /opt directory, see the help information here. You can also use timedicer-bloatwatch.sh in the same location - run with -h to see help.

What username should I have? When you 'Add New TimeDicer User' from the TimeDicer Server's homepage, the Server creates a Linux user, and normally you should (as advised on the homepage) set the username to the Windows machine's own 'username'-'domain', which in Windows parlance is %USERNAME%-%USERDOMAIN%, in lower case and with any spaces stripped out; for instance jimjones-widgetoffice. You can download a little batch file from the homepage to give you this so you don't have to work it out. If you choose to set something different you should also set 'user' appropriately in the TimeDicer configuration file.

Backing up from more than one local partition: TimeDicer takes a snapshot of only one local partition, usually C:. This means that if you specify a range of datasets covering more than one local partition (e.g. C: and E:), then only one of them will be backed up from a snapshot and the other(s) will be backed up directly from an active drive, with possible file-locking issues. If you need to backup from snapshots of more than one local drive, do separate runs of TimeDicer using /n to specify the different source and archive each time.

Foreign Language Characters: If you are backing up files with unusual characters (letters) in the filenames, it is necessary that Windows fully supports these characters from the command line. If they can't be viewed correctly from the command line then they can't be backed up correctly by TimeDicer. The solution is to add the relevant language for 'non-Unicode programs' (e.g. Chinese) under the Administrative tab in Region and Language setting of Control Panel (look first in 'Clock, Language, and Region').

Where are backups stored? Each 'archive' is stored in a physical directory called a 'repository' at /home/'username'-'domain' - in the example case above this would be /home/jimjones-widgetoffice. If you specify a 'basearchive' in your configuration file then this introduces an additional directory level (or levels) to the repository storage - for instance if basearchive is set to 'archives' then the archives will be found at /home/jimjones-widgetoffice/archives/. The repository holds a copy 'in the clear' of the most-recently backed-up source data, and in addition in each repository there is a sub-directory 'rdiff-backup-data' which holds, in complex and compressed form, all the data about previous versions of files, included deleted files and directories. But you should never normally need to look here and if you change anything in it you might break your archive.

Remote Booting with Encrypted LVM (LUKS + dm-crypt): If you previously set up your TimeDicer Server using encrypted LVM, you must enter a passphrase before the machine can get past an initial boot stage (initramfs). To do this remotely (from a 'client' machine), you also must have on the client machine - and use when connecting to the TimeDicer Server at this boot stage - a private key which matches a public key previously saved on the TimeDicer Server at /etc/dropbear-initramfs/authorized_keys. The public key for the TimeDicer Server's primary user (not root) is saved there automatically by timedicer-server-setup, and the matching private key can be found on the Server (when logged in as the primary user) at ~/.ssh/id_rsa. If necessary you can add other public keys by editing the authorized_keys file e.g. sudo nano /etc/dropbear-initramfs/authorized_keys; afterwards, do sudo update-initramfs -u -k all to update initramfs with your changes. To enter the passphrase remotely, see unlock - the page includes information on how to enter the password from a non-Linux client machine by using cryptroot-unlock. More information about remote booting with encryption under Ubuntu 18.04 can be found here.

Permissions / ACLs: There are unconfirmed reports that rdiff-backup 1.2.8, the engine upon which TimeDicer is based, is unable successfully to backup, or at least to restore, Windows ACLs (Access Control Lists). You are therefore advised to use the option setting --no-acls (set automatically for new Timedicer installations). This means that advanced file permissions will not be recoverable from a backup. For most users this will not be a problem for data files.

Restoring ACLs: After recovering data from TimeDicer Server to say %APPDATA% or Desktop on the client machine you find that the ACLs are screwed up; for instance it may not be possible to save files to the recovered location. You can restore the default inherited permissions for the recovered directory using icacls from a Windows administrator command prompt. For example, if you recovered to %APPDATA%\Thunderbird, this restores inherited permissions for all files and directories below %APPDATA%\Thunderbird:

icacls %APPDATA%\Thunderbird /reset /t /c /q

Changing a username / Deleting a user: If you reconfigure a source machine (for instance, system upgrade) the %USERNAME%-%USERDOMAIN% may change. To continue using the same backup identity you could add a line beginning 'SET user=' to the configuration file, but as an alternative you can change the name on the TimeDicer Server using the timedicer-rename-user script thus:

sudo /opt/timedicer-rename-user.sh oldusername newusername

If you are using a TimeDicer Mirror Server you must run the same script there. This script can also be used with -x option to delete a user account (and all its archives).

Bitlocker / EFS: Files on EFS encrypted file system (available in Professional versions of Windows) cannot be backed up using VSS. The workaround is to disable use of VSS by TimeDicer. The same is probably true (untested) for files on drives using Microsoft's BitLocker.

Upgrading Ubuntu 14.04 to 16.04: If you are upgrading an older TimeDicer Server running Ubuntu 14.04LTS to 16.04LTS, the following apply:

Upgrade with sudo do-release-upgrade, and when asked accept all new installer settings (Y/I) rather than retaining old settings

Run sudo /opt/timedicer-server-setup.sh (see above, don't use -f option) once, choosing 'y' to at least the following questions:

Download and extract key scripts

Remove php5-common (if asked)

(Re)install and configure lvm2 (etc)

Upgrading Ubuntu 16.04 to 18.04: If you are upgrading an older TimeDicer Server running Ubuntu 16.04LTS to 18.04LTS, the following apply:

Upgrade with sudo do-release-upgrade, and when asked accept all new installer settings (Y/I) rather than retaining old settings

Run sudo /opt/timedicer-server-setup.sh (see above, don't use -f option) once, choosing 'y' to at least the following questions:

My Other Sites

My Programs

Here is a selection of some (other) programs I have written, most of which run from the command line (CLI), are freely available and can be obtained by clicking on the links. Dependencies are shown and while in most cases written for a conventional Linux server, they should run even on a Raspberry Pi, and many can run under Windows using Cygwin. Email me if you have problems or questions, or if you think I could help with a programming requirement.

lvm-usage - GNU/Linux script to show available disk space and how it is used; run as cron job to warn if usage is above a set percentage. Provides additional information if LVM is in use. [ GNU/Linux-Debian/Ubuntu: 2012-18
]

lvm-delete-snapshot - GNU/Linux script to remove LVM snapshot that has been left over by another process. [ GNU/Linux-Debian/Ubuntu: 2012-16
]

tiny-device-monitor - GNU/Linux program to test webpages (including password-protected) or machines to check they are live; use as a cron job for your own websites, for hardware presenting a webpage, or for any machines with a presence on your local LAN or on the internet. [ GNU/Linux: 2009-18
]

dutree - GNU/Linux program to show a tree-style list of files and directories at the specified location and greater than the specified size (default 1GB). [ GNU/Linux: 2012-15
]

disk-wiper - GNU/Linux script to wipe a disk drive comprehensively and also check it for bad blocks. For use on a surplus drive (not SSD, not GPT) before passing to a third party. [ GNU/Linux: 2011-16
]